As you might know, Planio comes with a powerful REST API which covers almost all aspects of Planio. If you have worked with the API before, you know that in order to use it, you had to generate an API key and use that to make authorized API calls.
This approach, while relatively easy to work with, has a few drawbacks:
- Each API key is tied to a single user account, meaning that your application will always act as this user when interacting with Planio.
- There is no way to restrict what an application can do: an API key always grants the application using it the same set of permissions as the user the key belongs to.
OAuth 2 introduces a mechanism to restrict applications to a certain scope. Further, users need to explicitly grant access to an application before it may act on their behalf. When doing so, they will be informed about the scope, that is, what data the application is going to have access to. In the same way, a user may later decide to revert this decision and revoke access for an application at any time.